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SYSTEMS AND METHODS FOR POLICY BASED PRINTING 



BACKGROUND OF THE INVENTION 

1. Field of Invention 

This invention relates to document forgery protection systems and methods. 

2. Description of Related Art 

Various techniques are known for detecting and/or deterring forgery of an 
original printed document. Document forgery includes both unauthorized alteration 
of the original document and unauthorized copying of the original document. 
Previously, watermarks have been applied to documents to detect and/or deter forgery. 
Watermarks are printed marks on a document that can be visually detected or detected 
using special equipment. Fragile watermarks are marks that appear in an original 
printed document but that will not appear in a copy of the original document made on 
a standard photocopier or will be detectably degraded in the resulting copy of the 
document. 

Robust watermarks are marks in an original document that will be accurately 
reproduced on any copy of the original document made on an standard photocopier so 
that information contained in the watermark can be extracted from the copy. There 
are two types of robust watermarks that can be used. The first type of robust 
watermark is a mark that appears on both the original document and a copy. The 
second type of robust watermark is a mark that is present, but that is not readily 
visible, on the original document, but that becomes clearly visible on a copy of the 
original document. The second type of robust watermark is also known as an 
invisible robust watermark. 

Forgery of an original document containing a fragile watermark by copying 
the original document is easily detected by the absence of the watermark on the copy 
of the original document. Forgery of an original document containing the first type of 
robust watermark is detected by extracting information contained in the robust mark. 
This information could identify a custodian of the original document and information 
relating to copy restrictions or other restrictions as to the use of the information in the 
original document. Forgery of an original document containing the second type of 
robust watermark is detected by the visible presence of the watermark on the copy of 



the original document. For example, the information contained in the second type of 
robust watermark could be a banner that reads "This is a copy" or a similar warning. 

SUMMARY OF THE INVENTION 

This invention provides systems and methods for adding fragile and robust 
watermarks to an original document as it is printed. 

This invention separately provides systems and methods for printing a 
document requiring forgery protection using a number of trusted printers. 

This invention separately provides a series of trusted printers that together 
permit differing levels of forgery protection to be provided to a document to be 
printed. 

In accordance with various exemplary embodiments of the systems and 
methods according to this invention, a family of trusted printers is managed to provide 
a range of different forgery detection and deterrence techniques. The protection 
requirements for an original document to be printed are determined by a trusted 
printing policy. The factors used to determine the protection requirements required 
for the original document to be printed include the value of the document being 
created, assumptions about the resources available to an adversary or attacker, such as 
a potential forger, and the cost of providing the protections to the original document to 
be printed. 

When an original document requiring forgery protection is to be printed, the 
print job for that document is routed to a trusted printer that can print a watermark that 
includes copy evidence and/or tracing information necessary to obtain the required 
level of protection. Copy evidence is evidence that can be obtained through an 
inspection of a document that indicates whether that particular document is an 
unauthorized copy of an original document. Tracing information is information 
printed on a document that identifies the custodian(s) of the original document and 
restrictions on further copying that apply to the custodian(s) and to the original 
document. Other information may also be included in the tracing information that 
serves to more uniquely identify the original. The required copy evidence is applied 
to the printed document through the use of fragile watermarks or robust watermarks. 
The required tracing information is applied to the printed document through the use of 
robust watermarks. The parameters of the selected trusted printer are set by a print 
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management system to print the watermark(s), including the copy evidence and/or 
tracing information, appropriate to the required level of protection. 

These and other features of the invention will be described in or are apparent 
from the following detailed description of various exemplary embodiments of systems 
5 and methods according to this invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Various exemplary embodiments of systems and methods according to this 
invention will be described with reference to the following drawings, wherein: 
Fig. 1 is a schematic diagram illustrating a print management system 
10 according to this invention; and 

Fig. 2 is a flowchart of a document forgery protection printing method 
p according to an exemplary embodiment of this invention. 

J DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

rJ Fig. 1 is a schematic diagram illustrating a system for policy based printing. A 

yl 15 network 100 includes at least one server 110 that controls a plurality of computers 

ffs 121, 122 and 23. The server 110 also controls a family 130 of trusted printers 131- 

^ 135. A trusted printer is a printer that is available only to authorized users of the 

H network 100. The server 110 includes an operating system 111 that allows users of 

m the network 100 to use various applications stored in the server 1 10 on the computers 

S 20 121, 122 and 123. The applications may include, for example, word processing 

applications, spreadsheet applications, image scanning and/or processing applications, 
and/or database management applications. Authorized users of the computers 121, 
122 and 23 can use the applications stored in the server 110 and controlled by the 
operating system 1 1 1 to create documents 140. The applications process images of 
25 the document 140 that can be viewed on the display units 151, 152 and 153 of the 
respective computers 121, 122 and 123. 

The document 140 can be printed by entering a print command into one of the 
computers 121 or 122 or 123 and sending a print job to the server 110. The operating 
system 1 1 1 includes a print management system 112 that selects one of the family 130 
30 of the trusted printers 131-135 that can provide a required level of protection for the 
document 140 to be printed. The print management system 112 includes a policy 113 
that maps the document protection requirements to the specific security protection 
techniques available from the family 130 of the trusted printers 131-135. 
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The policy 113 determines the required protection level for the document 140 
to be printed by collecting information about the value of the document 140 from the 
document creator or owner or from any other person authorized to print the document 
140. The information may include assumptions about potential forgery and the cost 
necessary to provide a level of protection to detect and/or deter the potential forgery. 
The user may enter the information about the document 140 through a graphical user 
interface provided on one of the display units 151-153 of the particular computers 
121-123 being used to print the document 140. 

The print management system 112 may also allow the users to question each 
of the trusted printers 131-135 to determine what protection level each trusted printer 
131-135 provides. The print management system 112 may also provide information 
to the user about which forgery techniques each protection level is able to detect 
and/or deter and the costs of using each protection level. Each computer 121-123 may 
be controlled by the print management system 112 and/or the operating system 1 1 1 to 
display to users the protection levels that may be applied to the document 140 to be 
printed. 

Each document 140 to be printed may also have a security level embedded in 
it, attached to it or otherwise associated with it, that the print management system 112 
can use to identify the specific combination of protection techniques needed to detect 
and/or deter potential forgery. The policy 1 1 3 is programmable and may be adapted 
to the particular requirements of the organization that operates, owns or uses the 
network 100. The policy 113 may be programmed to assign a protection level or 
levels for every authorized user of the network 100 or for every computer 121-123 of 
the network 100. 

Every user of the network 100 may have an identification that is programmed 
into the policy 113. The identification may be a login password or user identification. 
Every document 140 printed by the user identified by the identification may have be 
assigned a specified protection level, a minimum protection level and/or a maximum 
protection level. 

Every computer 121-123 of the network 100 may have an identification value. 
The computer identification values may be programmed into the policy 113. Every 
print job sent by the identified one of the computers 121-123 to the server 110 may 
have a specified protection level, a minimum protection level and/or a maximum 
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protection level. The policy 113 determines the protection requirements for the 
document 140 to be printed by identifying the user that enters the print command 
and/or the computer 121-123 that sends the print job. 

The policy 113 may also conduct a search of the content of the document 140 
to determine the required protection level. The search could be, for example, a 
keyword search or a keyphrase search of the document 40. The protection 
requirements of the document 140 could be dependent on the number of occurrences 
of various ones of the keywords or keyphrases. 

The policy 113 determines the security requirements for the document 140 to 
be printed. For example, the policy 113 may determine that the document 140 to be 
printed requires protection against forgery by copying using a standard photocopier. 
Alternatively, the policy 113 may determine that the document 40 to be printed 
requires protection against scanning, image processing, and alteration of the contents 
of the document 140. Once the policy 113 determines the security requirements, the 
print management system 112 identifies the specific combination of protection 
techniques needed to meet these requirements. The print management system 112 
then routes the print job to one of the trusted printers 131-135 that can apply the 
appropriate protections and sets the parameters in the selected printer to apply the 
appropriate protection techniques to the document 140. Examples of the protection 
levels that can be applied to the document 140 when it is printed, the forgery 
techniques that the protection levels protect against and the equipment necessary for 
creating the protection level and verifying the authenticity of a document are 
described in Table 1 . 

Table 1 



Protection 
Levels 


Technique(s) 


Protects Against 


Equipment Needed 


Level 0 


Fragile variable copy evident 
watermark. 


Adversary with standard 
copier and toner or ink. 
Blank originals attack. 


Standard color printer, or 
special toner or ink, or 
hyperacuity printer with 
inspector. 


Level 1 


Robust variable invisible 
copy evident watermark with 
tracing information. 


Adversary who can 
remove copy evident 
watermarks from originals. 
Blank originals attack. 
Compromised tracing 
attack. 


Standard color printer 
with special toner or ink. 
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Level 2 


Fragile variable fluorescing 
invisible copy evident 
watermark to print page 
offset, with tracing 
information. 


Weak protection against 
tampering. Blank originals 
attack. 


Special toner or ink and 
standard highlight or 
color printer. 
Enhancements could 
include toner sensor or 
sensor to verify the 
presence of the copy- 
evident watermark. 
Fluorescent light to 
verify. 


Level 3 


Fragile variable fluorescing 
invisible copy evident 
watermark to print page 
offset, with tracing 
information, digitally signed 
and glyph encoded. 


Adversary who can scan, 
image process, and print 
and who has access to the 
special toner or ink. 


Special toner or ink and 
standard highlight or 
color printer. 
Enhancements could 
include toner sensor or 
sensor to verify the 
presence of the copy 
evident watermark. 
Fluorescent light and 
fluorescent scanner to 
verify. 


Level 4 


Fragile variable fluorescing 
invisible copy evident 
watermark to print random 
portions of the page, with 
tracing information, digitally 
signed and glyph encoded. 


Adversary who can scan, 
image process, and print 
and who has the special 
toner or ink. 


Special toner or ink and 
standard highlight or 
color printer. 
Enhancements could 
include toner sensor or 
sensors to verify the 
presence of the copy 
evident watermark. 
Fluorescent light and 
fluorescent scanner to 
verify. 


Level 5 


Robust variable fluorescing 
black copy evident 
watermark with tracing 
information. 


Adversary with standard 
standard copier and toner 
or ink. Compromised 
tracing attack. 


Fluorescing black toner 
or ink in a standard 
highlight or color 
printer. Fluorescent light 
to verify. 


Level 6 


Robust variable fluorescing 
black copy evident 
watermark with tracing 
information to print fixed 
portions of the page. 


Adversary with standard 
copier and tone or ink. 
Detached toner attack. 
Blank originals attack. 


Fluorescing black toner 
or ink in a standard 
highlight or color 
printer. Fluorescent light 
to verify. 


Level 7 


Robust variable fluorescing 
black copy evident 
watermark to print random 
portions of the page, with the 
random pattern specification 
encrypted and glyph encoded 


Adversary with standard 
copier and toner or ink. 
Adversary with a scanner 
and image processor. 
Detached toner attack. 
Compromised tracing 
attack. 


Fluorescing black toner 
or ink in a standard 
highlight or color 
printer. Fluorescent light 
to verify. Inspector to 
read and verify the 
glyph. 
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Level 8 


Robust variable fluorescing 
black copy evident 
watermark to print content 
dependent portions of the 
page, with tracing 
information, encrypted and 
glyph encoded 


Adversary who alters 
tracing information. 
Adversary with standard 
copier and ink. Adversary 
who can scan and image 
process. Detached toner or 
ink attack. Compromised 
tracing attack. 


Fluorescing black toner 
in a standard highlight or 
color printer. 
Fluorescent light to 
verify. Inspector to read 
and verify the glyph. 



Although Table 1 shows various watermarking techniques usable either alone 
or in combination to provide a specified level of protection to a document, it should 
be appreciated that the table is merely one exemplary embodiment of a policy 113. 
Other combinations of watermarking techniques may be provided to enable a greater 
range of protection levels. The protection levels, the techniques, the forgery methods 
that are protected against, and the equipment necessary to apply the techniques to a 
document to be printed and verify if a printed document is an original or a forgery are 

described in U.S. Application Serial No. (Attorney Docket Number 

104136), incorporated herein by reference in its entirety. 

As shown in Fig. 1, the trusted printer 131 can print documents having Level 0 
protection, the trusted printer 132 can print documents requiring Level 1 protection, 
the trusted printer 133 can print documents requiring Level 0 through Level 4 
protection, the trusted printer 134 can print documents requiring Level 4 through 
Level 8 protection and the trusted printer 135 can print documents requiring Level 7 
and Level 8 protection. 

Fig. 2 is a flowchart of one exemplary embodiment of a document forgery 
protection printing method according to this invention. Beginning in step SI 000, 
control continues to step SI 100, where a user creates a document that requires forgery 
protection. Then, in step SI 200, the user enters a print command to print the 
document requiring forgery protection. Next, in Step SI 300, information about the 
protection levels is displayed to the user. Control then continues to step SHOO. 

In Step SI 400, information is collected about the value of the document 
requiring forgery protection. The information may include information or 
assumptions about potential forgery of the document requiring forgery protection and 
the cost of applying the various available protection techniques to the document 
requiring forgery protection. Next, in step SI 500, the protection requirements of the 
document requiring forgery protection are determined based on a trusted printing 



8 

policy. The determined protection requirements for the document requiring forgery 
protection may indicate that this document requires protection against forgery from 
copying using a standard photocopier or that the document requiring forgery 
protection requires protection against forgery by scanning, image processing and 
altering of the contents of the document. Then, in step SI 600, the protection level 
that provides the specific combination of protection techniques to meet the determined 
protection requirements is determined. Control then continues to step SI 700. 

In step SI 700, a trusted printer that can apply the appropriate protection 
techniques to the document requiring forgery protection is selected based on the 
determined protection level. Then, in step SI 800, the print job for the document 
requiring forgery protection is routed to the selected trusted printer. Next, in step 
SI 900, the parameters in the selected trusted printer are set based on the determined 
protection level. In step S2000, the document requiring forgery protection, including 
the protection techniques of the determined protection level, is printed using the 
selected trusted printer. Then in step S2100 the method ends. 

Although one exemplary embodiment of a document forgery protection 
printing method according to this invention has been described above with respect to 
Fig. 2, it should be appreciated that other exemplary embodiments of document 
forgery protection printing methods may be apparent to those of ordinary skill in the 
art. For example, in various exemplary embodiments of the document forgery 
protection printing method according to this invention, the information about the 
protection levels may be displayed prior to the print command being entered. In other 
various exemplary embodiments of the document forgery protection printing method 
invention of this invention, the information about the value of the document and the 
potential forgery of the document may also be collected prior to the print command 
being entered . In other various exemplary embodiments of the document forgery 
protection printing method according of this invention, the parameters of the selected 
trusted printer may be set prior to the print job being routed to the selected trusted 
printer. 

While this invention has been described in conjunction with the various 
exemplary embodiments outlined above, it is evident that many alternatives, 
modifications and variations will be apparent to those skilled in the art. Accordingly, 
the various exemplary embodiments of the invention, as set forth above, are intended 
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to be illustrative, not limiting. Various changes may be made without departing from 
the spirit and scope of the invention. 




